Module Linux essentials - Module 16 introduce special permissions, links and file locations. After studying this chapter students should be able to: Working with system files and libraries, understanding symbolic links. | Module 16 Special Permissions, Links and File Locations Exam Objective Special Directories and Files Objective Summary Working with system files and libraries Understanding symbolic links setuid Permission The setuid Permission The setuid permission is set on certain system utilities so that an ordinary user can execute the program as if it was run by the root user. This allows an a normal user to perform common system administration tasks without having to do gain direct access to the root account. An excellent example of the setuid permission in action is the /usr/bin/passwd command. When a user executes the passwd command successfully, the command is able to update the /etc/shadow file to set a new password for the user. This file can’t be accessed normally by no-root users. Files with setuid A file that has setuid permission properly set will have a lowercase "s" in the “user owner” execute position, indicating both setuid and execute permission for the user owner are set: -rwsr-xr-x A file which has setuid permission, but lacks execute permission for the user owner will show an uppercase "S" to highlight that the permission is not effective: -rwSr-xr-x Using chmod with setuid The chmod command can be used to set or remove the setuid permission, using either a symbolic or numeric method Setting setuid where nnn is original permission mode: chmod u+s file or chmod 4nnn file Removing setuid where original mode is 4nnn: chmod u-s file or chmod 0nnn file setgid Permission The setgid Permission on a File The setgid permission used on a file is similar to setuid except that it uses group permissions. When a user executes a file that is setgid, the system runs the command as if the user were a member of the group that owns the executable, usually granting access to additional files. An example of setgid permission on a file is the /usr/bin/wall command. The wall command sends messages to other user’s terminals. Since this executable is owned by the "tty" group, . | Module 16 Special Permissions, Links and File Locations Exam Objective Special Directories and Files Objective Summary Working with system files and libraries Understanding symbolic links setuid Permission The setuid Permission The setuid permission is set on certain system utilities so that an ordinary user can execute the program as if it was run by the root user. This allows an a normal user to perform common system administration tasks without having to do gain direct access to the root account. An excellent example of the setuid permission in action is the /usr/bin/passwd command. When a user executes the passwd command successfully, the command is able to update the /etc/shadow file to set a new password for the user. This file can’t be accessed normally by no-root users. Files with setuid A file that has setuid permission properly set will have a lowercase "s" in the “user owner” execute position, indicating both setuid and execute permission for the user owner are set: .